import argparse
import time
from Crypto.Hash import MD4
from tabulate import tabulate
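class Pre2KAccountFinder:
    """Audit a hash dump for machine accounts whose NT hash matches their name.

    The input is read as colon-separated lines in which the first field is
    the account name and the fourth field is the NT hash. Only accounts whose
    name ends in ``$`` (machine accounts) are considered. For each one the
    candidate password is the account name cut to 14 characters, with the
    trailing ``$`` removed and lower-cased; the account is reported when the
    NT hash of that candidate equals the stored hash.

    A reported account has a password that can be derived from its name, so
    the usual follow-up is to reset that machine account's password or to
    remove the account if it is stale.
    """

    def __init__(self, file_path, output_file):
        """Remember the dump path and the optional results path.

        Args:
            file_path: Path of the hash dump to read.
            output_file: Path for the CSV results, or a falsy value to skip
                writing a file.
        """
        self.file_path = file_path
        self.output_file = output_file
        # (account_name, nt_hash) tuples filled in by read_secretsdump().
        self.machine_accounts = []

    def get_nt_hash(self, password):
        """Return the NT hash of *password* as upper-case hex.

        The NT hash is MD4 over the UTF-16LE encoding of the password.
        """
        password_bytes = password.encode('utf-16le')
        hasher = MD4.new()
        hasher.update(password_bytes)
        return hasher.digest().hex().upper()

    def read_secretsdump(self):
        """Collect ``(account_name, nt_hash)`` for every machine account.

        Lines with fewer than four colon-separated fields are skipped; the
        NT hash is field index 3, so shorter lines cannot be parsed.

        Returns:
            ``[]`` when the input file does not exist, otherwise ``None``;
            parsed entries are appended to ``self.machine_accounts``.
        """
        try:
            # errors='replace' keeps one undecodable byte elsewhere in the
            # dump from aborting the whole audit.
            with open(self.file_path, 'r', encoding='utf-8', errors='replace') as file:
                for line in file:
                    parts = line.split(':')
                    if len(parts) < 4:
                        continue
                    account_name = parts[0].strip()
                    # strip() drops the newline when the hash is the last field.
                    nt_hash = parts[3].strip()
                    if account_name.endswith('$'):
                        self.machine_accounts.append((account_name, nt_hash))
        except FileNotFoundError:
            print(f"The file {self.file_path} was not found.")
            return []

    def find_pre2k_accounts(self):
        """Report machine accounts whose stored NT hash matches their name.

        Prints a table of matches and the total count. When an output path
        was given, the rows are also written to it as CSV (a header-only file
        if nothing matched).
        """
        self.read_secretsdump()
        if not self.machine_accounts:
            print("No machine accounts found.")
            return

        results = []
        for account_name, stored_nt_hash in self.machine_accounts:
            # Candidate: first 14 characters, trailing '$' removed, lower-cased.
            trimmed_account_name = account_name[:14]
            potential_password = trimmed_account_name.rstrip('$').lower()
            if self.get_nt_hash(potential_password) == stored_nt_hash.upper():
                results.append([account_name, stored_nt_hash, potential_password])

        if results:
            print(tabulate(results, headers=["Account Name", "Stored NT Hash", "Potential Password"], tablefmt="simple_grid"))

        if self.output_file:
            import os

            # The report holds NT hashes and matching passwords, so a newly
            # created file is made readable by its owner only. The mode is
            # applied at creation; an existing file keeps its permissions.
            fd = os.open(self.output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w', encoding='utf-8') as out_file:
                out_file.write("Account Name,Stored NT Hash,Potential Password\n")
                for row in results:
                    out_file.write(",".join(row) + "\n")
            print(f"\nResults saved to {self.output_file}")

        print(f"\nTotal Pre2K accounts found: {len(results)}")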
def main():
    """Command-line entry point.

    Prints the banner, parses ``-f/--file`` (required) and ``-o/--output``,
    runs the finder on the given dump and prints the elapsed wall-clock time.
    """
    banner = """
█▀█ █▀▄ █▀▀ ▀▀▄ █ █ █▀▄ █▀▀ █▀▀ █ █ █▀█ █▀▀
█▀▀ █▀▄ █▀▀ ▄▀ █▀▄ █ █ █ ▀▀█ █ █ █ █
▀ ▀ ▀ ▀▀▀ ▀▀▀ ▀ ▀ ▀▀ ▀▀▀ ▀▀▀ ▀ ▀ ▀ ▀▀▀
By Mor David
The Pre2KDCSync script is a Python utility designed to identify potential Pre-Windows 2000 (Pre2K) machine accounts by analyzing the output from the secretsdump tool.
This script leverages NT hashes derived from the machine account names to check for accounts that use similar passwords, a common practice in Windows environments prior to Windows 2000.
"""
    print(banner)

    # Command-line interface: input dump is mandatory, results file optional.
    cli = argparse.ArgumentParser(description='Find Pre-Windows 2000 accounts from secretsdump output.')
    cli.add_argument('-f', '--file', required=True, help='Path to the secretsdump output file')
    cli.add_argument('-o', '--output', help='Path to the output file for results')
    options = cli.parse_args()

    # Time the whole run, parsing of the dump included.
    started = time.time()
    Pre2KAccountFinder(options.file, options.output).find_pre2k_accounts()
    elapsed_time = time.time() - started

    print(f"\nExecution time: {elapsed_time:.2f} seconds")
# Run the CLI only when executed as a script, not when imported.
if __name__ == "__main__":
    main()